ci: add github action workflow #705

Closed
wants to merge 3 commits into from


@johnhooks johnhooks commented Dec 31, 2022

This pull request adds a GitHub workflow to the repo. It uses a third-party action felixmosh/turborepo-gh-artifacts to create a local TurboRepo cache server and handles uploading/downloading the cache as GitHub artifacts.

To implement, the following environment variables would need to be added:

  • NPM_AUTH_TOKEN - required to release with shipjs.
  • TURBO_TOKEN - this can be anything, it is used to authorize communication between turbo and the local caching server.

Closes #684


vercel bot commented Dec 31, 2022

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated
dinerojs ✅ Ready (Inspect) Visit Preview 💬 Add your feedback Feb 19, 2023 at 2:41AM (UTC)


codesandbox-ci bot commented Dec 31, 2022

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit b723e7e:

Sandbox Source
@dinero.js/example-cart-react Configuration
@dinero.js/example-cart-vue Configuration
@dinero.js/example-pricing-react Configuration
@dinero.js/example-starter Configuration

@johnhooks
Contributor Author

@sarahdayan once #704 is merged can you redeploy on Vercel?


johnhooks commented Jan 9, 2023

@sarahdayan I added a release.yml workflow that runs on push to the main branch. It builds just like the pull-request.yml workflow, but then calls yarn run shipjs trigger at the end.

I don't like how much duplication there is between the two workflows, but I need to do some more research on workflow jobs before I can attempt to extract it.

@johnhooks
Contributor Author

@sarahdayan, this is not ready, please make sure I confirm the issues are fixed before merging this PR.

I've been deep diving on GitHub actions and I'm about to rework this to remove all the duplication, but I also need to read through the security docs and make sure I fully understand how to sandbox a PR action environment.

Specific concerns

  • GITHUB_TOKEN needs to be configured to only have read access on the repo, but still be able to upload and download artifacts.
  • The NPM_AUTH_TOKEN NEEDS to only be set in a push to main. Only after code has been fully reviewed and a PR merged. Otherwise someone could push up a PR with a modified action, and have permissions to modify the NPM package 😬. I believe I've already found the solution for this, repos can configure environments that only apply to specific branches. So if you make an action environment called "production" (or whatever you want) you can set the NPM token for that environment and then set it to only apply to the main branch.
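
The two concerns in the comment above, sketched as workflow configuration. This is an added example, not part of the thread or of the PR's own files. The file names pull-request.yml and release.yml, the "production" environment and the `yarn run shipjs trigger` command come from the discussion; the build command, Node version, action versions and the exact permission scopes are assumptions.

```yaml
# .github/workflows/pull-request.yml -- builds code that has NOT been reviewed yet
name: pull-request
on: pull_request

# Workflow-level default: GITHUB_TOKEN is read-only for every job below.
permissions:
  contents: read
  actions: read    # assumption: lets the cache action list artifacts through the API

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: 18            # assumption
      - run: yarn install --frozen-lockfile
      - run: yarn build               # assumption: the repo's build script
      # No `environment:` key and no reference to NPM_AUTH_TOKEN in this file,
      # so a PR that edits this workflow still has no release secret to read.
---
# .github/workflows/release.yml -- runs only after a merge to main
name: release
on:
  push:
    branches: [main]

permissions:
  contents: read

jobs:
  release:
    runs-on: ubuntu-latest
    # NPM_AUTH_TOKEN is stored as a secret of this environment, not of the repo.
    # The environment's deployment-branch rule (repo settings) is limited to main,
    # so a job started from any other branch cannot use the environment.
    environment: production
    permissions:
      contents: write   # assumption: the release step pushes a tag
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: 18            # assumption
      - run: yarn install --frozen-lockfile
      - run: yarn build               # assumption
      - run: yarn run shipjs trigger
        env:
          NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
```

The branch restriction itself is set on the environment in the repository settings; the YAML only opts the release job into that environment.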

Successfully merging this pull request may close these issues.

ci(turbo): use GitHub Actions to take advantage of TurboRepo cache